🤖 lab68dev / AutoPR

AI-powered GitHub App for automated pull request code reviews using Gemini AI and GitOps principles.

---

🧩 Overview

AutoPR is an internal developer productivity tool built by lab68dev that automatically reviews Pull Requests as soon as they’re opened or updated.

When a new PR event is received from GitHub, the app:

1. Fetches the diff of the PR,
2. Sends the code changes to Google Gemini for intelligent review feedback,
3. Posts a summarized AI review as a GitHub comment directly on the PR thread.

This enables faster, more consistent reviews, and helps teams maintain high code quality even with fast CI/CD cycles.

---

⚙️ Tech Stack

Layer	Technology
Backend Framework	FastAPI
AI Engine	Google Gemini API
Version Control	GitHub App Integration
Async HTTP	HTTPX
Language	Python 3.10+
Auth / Security	GitHub App JWT + Webhook Signature Verification
Infra (optional)	Docker, ngrok, GitHub Actions

---

🚀 Features

✅ Automated PR Review via Gemini AI
✅ Secure GitHub App Integration (JWT Auth + Webhooks)
✅ Diff-based review for context-aware analysis
✅ Smart comment posting back to PRs
✅ Easy local development with ngrok tunnel
✅ Modular service structure for clean scaling

---

🧠 Architecture

GitHub Repo  →  Webhook (PR Opened/Updated)
↓
FastAPI Backend
↓
Gemini AI Review Engine (diff analysis)
↓
GitHub PR Comment with Feedback

Folders:

app/
├── main.py                  # FastAPI entrypoint
├── services/
│    ├── github_client.py    # Auth + GitHub API
│    └── gemini_client.py    # AI review logic
└── utils/
└── verify_webhook.py   # HMAC verification

---

⚡ Quick Start (Local Setup)

1️⃣ Clone the Repository

git clone https://github.com/lab68dev/autopr.git
cd autopr

2️⃣ Install Dependencies

pip install -r requirements.txt

3️⃣ Setup Environment Variables

Copy .env.example → .env, then fill in your details:

GITHUB_APP_ID=123456
GITHUB_PRIVATE_KEY_PATH=./private-key.pem
GITHUB_WEBHOOK_SECRET=your_webhook_secret
GEMINI_API_KEY=your_gemini_api_key
ORG_NAME=lab68dev

4️⃣ Run the Server

uvicorn app.main:app --reload

Access:

• http://127.0.0.1:8000 → Home
• http://127.0.0.1:8000/docs → API Docs

5️⃣ (Optional) Use ngrok for Webhooks

Expose your FastAPI server to the internet for GitHub webhooks:

ngrok http 8000

Then copy the public URL into your GitHub App’s Webhook URL (e.g. https://abcd-1234.ngrok.io/api/v1/webhook).

---

🔐 Security

AutoPR ensures secure webhook communication:

• HMAC SHA-256 signature verification (X-Hub-Signature-256)
• JWT-based GitHub App authentication
• Token-scoped GitHub API access for each installation
• Secrets stored in .env (ignored by .gitignore)

---

🧩 Environment Example

GITHUB_APP_ID=123456
GITHUB_PRIVATE_KEY_PATH=./private-key.pem
GITHUB_WEBHOOK_SECRET=xxxxxxxxxxxxxxxxxxxx
GEMINI_API_KEY=xxxxxxxxxxxxxxxxxxxx
ORG_NAME=lab68dev

---

🧰 Development Notes

• Edit backend code in app/main.py
• All external API calls are async (httpx.AsyncClient)
• Add AI behavior in gemini_client.py
• Verify webhook signature logic in utils/verify_webhook.py

---

🧪 Testing

To test your webhook locally, use:

curl -X POST http://127.0.0.1:8000/api/v1/webhook \
     -H "X-GitHub-Event: pull_request" \
     -H "X-Hub-Signature-256: sha256=..." \
     -d "@sample_payload.json"

---

🐳 Docker (Optional)

docker build -t lab68dev-autopr .
docker run -p 8000:8000 --env-file .env lab68dev-autopr

---

💬 Example AI Review Output

🤖 AutoPR Review (Gemini) ✅ Functionality looks solid ⚠️ Consider adding error handling for network requests 💡 Suggest using async context manager for file IO

---

🧾 License

This project is intended for internal use by lab68dev. Contact your team admin for deployment or usage rights.

---

👨‍💻 Author

lab68dev Engineering Team Built with ❤️ and Gemini AI.